CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
Critical Apache ActiveMQ Vulnerability Allows Malicious Security Header Injections
A critical vulnerability in Apache ActiveMQ has been disclosed, allowing attackers to inject malicious HTTP security headers through improperly handled message properties, potentially leading to cross ...
-
CybersecurityNews
Ivanti ITSM Vulnerability Lets Attackers Gain Admin Privilege
Ivanti has disclosed a high-severity vulnerability in its Ivanti Neurons for ITSM platform that could allow attackers with valid credentials to escalate privileges and gain full administrative access. ...
-
CybersecurityNews
Laravel CRLF Injection Vulnerability Enables an Attacker to Interfere with Outbound Email Processing
A high-severity CRLF injection vulnerability in the Laravel framework, tracked as CVE-2026-48019, could allow attackers to interfere with outbound email processing in affected applications. The issue ...
-
cert.pl
Vulnerabilities in school-management-system software
Vulnerabilities in school-management-system software CVE ID CVE-2026-47324 Publication date 03 June 2026 Vendor ProjectsAndPrograms Product school-management-system Vulnerable versions 6b6fae5 Vulnera ...
-
The Hacker News
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the ...
-
The Hacker News
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerabil ...
-
CybersecurityNews
Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users
A single forgotten development flag left active in production code silently handed Microsoft account tokens to any app on an Android device, exposing billions of users across six major Microsoft 365 a ...
-
security.nl
VS meldt misbruik van vier jaar oud beveiligingslek in Linux-kernel
Aanvallers maken actief misbruik van een vier jaar oude kwetsbaarheid in de Linux-kernel of hebben dit gedaan, zo waarschuwt het Amerikaanse cyberagentschap CISA. Het gaat om CVE-2022-0492, waardoor e ...
-
CybersecurityNews
Windows Search URI Handler Flaw Leaks NTLMv2 Hashes to Attacker-Controlled Servers
A newly disclosed flaw in the Windows search URI handler can silently leak NTLMv2 hashes to attacker-controlled servers with nothing more than a single link click. This behavior is the same bug class ...
-
CybersecurityNews
HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora
A newly disclosed remote denial-of-service exploit dubbed “HTTP/2 Bomb” targets the default HTTP/2 configurations of the world’s most widely deployed web servers, nginx, Apache httpd, Microsoft IIS, E ...